Summer of Spam, or Why Over 25 Percent of Belarus's IP Addresses Are Being Blocked

A new report from the Cloudmark security company has two big takeaways. First, that spam comes in waves, playing off popular terms that will appeal to victims. The second is that more than a quarter of Belarus' total IP space has been blocked for sending out spam. Wow.

Belarus Bombed by Spam

Let's work through that Belarus figure because not only is it a bit complicated, it also exposes how spammers operate. According to Cloudmark's report, the company is blocking 27.4 percent of Belarus's total IP address space. The former longtime record holder for percentage of IP addresses blocked is Romania, which currently has 22.3 percent of its total IP space blocked by Cloudmark.

That sounds like a lot, and it is, but Cloudmark researcher Andrew Conway broke down what these numbers really mean. He explained that IP addresses are assigned differently country-by-country. "The US has been allocated five IP addresses per person, whereas Nigeria has one address for every 120 people," he said. He went on to explain that each IP address can be further split using different translation processes.

When you look at the actual number of IP addresses blocked, you see that Belarus is almost tied with the US, both hovering around three million addresses. By comparison, only 0.2 percent of US addresses are being blocked. This means that Belarus has far fewer IP addresses assigned to it than the US, but that a hefty portion of them are being used by spammers.

Also interesting is how Belarus burst onto the spam scene only recently. In January of 2013 only about five percent of the country's IP addresses were blocked for sending spam. That number shot up over the course of just a few months as spammers moved their operations to Belarus hosting services, peaking in May of 2013 at just under 30 percent.

"We were blocking so much of Romania that spammers started moving to Belarus and Russia," explained Conway. "Spammers will follow the path of least resistance."

Summer Spam Explosion

Following the path of least resistance often means spammers chase popular search terms in much the same way that blogs try to shuffle their stories higher on Google. "We can see spammers probing around, trying to find the best way of monetizing spam and the best way of sending spam," said Conway.

Some of the summer-themed spam Cloudmark has seen focuses on diet pills and "you have won a free cruise" scams. On top of the catchy packaging, spammers will frequently use websites with hacked domains, giving them numerous URLs that slip through spam filters. Sometimes the process is quite complex, with a hacked domain in a spam message that redirects to another hacked domain, which houses the actual scam.

"These techniques aren't new, but we're seeing them in unprecedented volume," said Conway. Most of these compromised domains were hacked using known vulnerabilities, many stemming from out-of-date software. One popular method used a Joomla 1.5 vulnerability, which Conway said was patched about five years ago.

How to Stay Safe

Spammers are clever and will use a variety of tactics to reach their victims, but the best way to stay safe is to always be skeptical.

For example, some spammers will pose as banks instructing victims to call a particular phone number. "It usually has a really bad auto-responder on it, which will try to get you to enter your account credentials," said Conway. To avoid this kind of attack, Conway recommends looking up the number for your bank and dialing it yourself.

Cloudmark has also seen a rise in more subtle attacks that attempt to get some other piece of information from you that will, eventually, lead to something bigger like banking login credentials. Unusual messages on Facebook or other social networking services should be treated with the same scrutiny as email messages. Also, consider investing in anti-spam software, such as our Editors' Choice award winners OnlyMyEmail Personal (2013) and Cloudmark DesktopOne Basic 1.2.

SMS spam is still a popular method of reaching victims, so if you do receive a piece of SMS spam, be sure to forward it to the shortcode 7726 to help kill SMS spam once and for all.

About the Author

Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps.